Job Information
AbbVie Senior Penetration Tester - Red Team in Mettawa, Illinois
Company Description
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.
Job Description
Come to work each day with an inclusive and collaborative business technology team. As a Senior Penetration Tester - Red Team in AbbVie Business Technology Solutions (BTS), you’ll have opportunities to contribute to the digital transformation of a leading biopharma company, helping to create solutions that impact patients and their communities for the better.
This position can be remote anywhere in the U.S.
AbbVIe Information Security is looking for a highly motivated, experienced, and skilled specialist to join the Attack Surface Management (ASM) team. AbbVie’s Advanced Security Testing team protects AbbVie’s patients, data, and brand by identifying vulnerabilities and threats to our organization through the use of simulated cyber security attacks. Advanced Security Testing is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Senior Penetration Tester - Red Team to support and improve our efforts to identify and reduce AbbVie’s attack surface and help our business continue to have remarkable impacts on people’s lives.
This is a key member of the Advanced Security Testing team, and will lead efforts in planning, developing, and executing adversarial exercises against our networks, systems, applications, and users. The Senior Tester will work with internal and external groups to lead communications around risks identified throughout AbbVie’s environment. This role will make a difference by working with AbbVie’s defenders to secure our organization against current and emerging threats.
The ideal candidate will have advanced experience performing penetration tests against systems, applications, and networks, and working with stakeholders to communicate the impact of identified vulnerabilities and recommending remediation plans.
Responsibilities
Provide leadership on the latest critical information security vulnerabilities, threats, and exploits, as they apply within the AbbVie environment
Develop and implement red team methodology to assess risk within AbbVie’s networks, systems, applications, and users
Perform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in AbbVie’s environment and monitoring/response programs
Develop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managers
Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including AbbVie’s Cyber Security Incident Response Team (CSIRT) and junior red team staff members
Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program on a global basis
Perform web and mobile application security assessments, as needed and as directed by senior Attack Surface Management team members, including tasks such as:
Performing security assessments for AbbVie applications across the enterprise
Static & dynamic application security testing and/or penetration testing of applications
Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
Training customer staff on application security concepts, remediation of code defects, and secure software development best practices
Qualifications
Qualifications:
Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience with direct enterprise-level red team and/or penetration testing experience
Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open source tools
Candidate must have an understanding of security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK
Written and verbal communication skills are critical
Adept at communicating concepts to diverse audiences with varying skill sets
Certifications such as OSCP, OSCE, OSWP or ECSA are strongly preferred
Strong knowledge of the following:
Operating systems (including Windows, Linux, Unix, and MacOS)
Networking fundamentals and technologies
Cloud computing
Application architectures and technologies
Penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration
Why Business Technology Solutions
For anyone who wants to use technology and data to make a difference in people’s lives, shape the digital transformation of a leading biopharmaceutical company, and secure sustainable career growth within a diverse, global team: we’re ready for you
Additional Information
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our short-term incentive programs.
This job is eligible to participate in our long-term incentive programs
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.
AbbVie is committed to operating with integrity, driving innovation, transforming lives, serving our community and embracing diversity and inclusion. It is AbbVie’s policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, status as a protected veteran, or any other legally protected group status.